InfoSphere Guardium

I will be the first to admit that when I first heard of 'data level security' I had no idea what it meant. It's one of those terms that could mean almost anything, depending on the context in which you first heard it. So, let's get over the term and focus on what the capability is. Simply put, it enables you to create automatic filtering of audit data based on who the viewer is and their association with the particular audited database (hence the term data-level...). The beauty of this is that you can create one report definition, such as a report that shows database activity, and when the Oracle DBA sees it he or she would only see Oracle information, and when the DB2 DBA sees it he or she would only see activity for the DB2 database. Furthermore, you can overlay your organizational structure so that the DBA manager could see the audit data for all the databases. This is quite a simplification, but I think trying to explain it in words is hard. You really need a visual and an example.

For this reason, I urge you to go read this developerWorks article that one of my colleagues and I coauthored. It has nice pictures and walks you through a scenario that includes not just DBA roles, but auditor roles as well. Check it out.
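A minimal sketch of the filtering idea described above, added here as an illustration and not taken from Guardium or the developerWorks article: one report definition returns different rows depending on the viewer's association with the audited server, and a manager inherits the associations of his or her reports. The record layout, user names, server names and hierarchy are all constructed assumptions.

```python
# Added illustration only; this is not Guardium's implementation or API.
# All names and sample data below are constructed for this example.

# Constructed audit records: (server, db_type, db_user, sql)
AUDIT = [
    ("ora-prod-1", "ORACLE", "scott", "SELECT * FROM payroll"),
    ("ora-prod-1", "ORACLE", "app", "UPDATE orders SET status = 'X'"),
    ("db2-fin-1", "DB2", "finapp", "DELETE FROM ledger WHERE id = 7"),
    ("db2-fin-1", "DB2", "db2inst1", "GRANT DBADM ON DATABASE TO USER x"),
]

# Which viewer is associated with which audited database server.
ASSOCIATIONS = {
    "oracle_dba": {"ora-prod-1"},
    "db2_dba": {"db2-fin-1"},
    "dba_manager": set(),  # no direct association of their own
}

# Organizational overlay: manager -> direct reports.
REPORTS_TO = {"dba_manager": ["oracle_dba", "db2_dba"]}


def visible_servers(viewer):
    """Servers the viewer is associated with, directly or via the hierarchy."""
    seen, stack, servers = set(), [viewer], set()
    while stack:
        user = stack.pop()
        if user in seen:  # guard against cycles in the hierarchy
            continue
        seen.add(user)
        servers |= ASSOCIATIONS.get(user, set())
        stack.extend(REPORTS_TO.get(user, []))
    return servers


def activity_report(viewer):
    """One report definition; rows are filtered by who is viewing it.

    A viewer with no association (or an unknown viewer) gets no rows,
    so the filter fails closed.
    """
    allowed = visible_servers(viewer)
    return [row for row in AUDIT if row[0] in allowed]
```
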

9.1 for the appliance is Patch 100 on top of the 9.0 product image. If you download from Passport Advantage, you will get Patch 100 as well as the base image. But do not forget to go through the appropriate health checks before upgrading. The patches for 32-bit, 64-bit, and the health checks are on FixCentral.

The Windows S-TAP is available now on FixCentral as well. The UNIX one will be available a little later.

Documentation and planning

The Information Center now includes everything that was only in online help. Look in 9.1 from the left navigation to find all 9.1 documentation, including the user guides for z/OS S-TAPs.

I wanted to let everyone know that F5 has published two step-by-step deployment guides, which you can find on their dw wiki page: one to support what we call Guardium "grid" and another for the real-time application end user identification from their firewall. If you didn't listen in or download the notes and slides from the What is new in V9 Tech Talk, you may not have a clue what I'm talking about, so I'll briefly summarize:

With Guardium grid, all S-TAPs point to the same virtual IP address for the collector. The load balancer in the middle will pick a collector. This significantly reduces the headaches of dealing with changing parameters when you need to add new collectors or otherwise move things around to accommodate your environment. This has been tested with both Cisco and F5. The F5 capability used is called the BIG IP Local Traffic Manager (LTM).

The next capability is centered around an integration with F5 BIG-IP Application Security Manager (ASM). ASM is able to read HTML packets and be aware of which user is requesting/sending which traffic. We've now enabled the Guardium Collector to accept a data stream from BIG-IP with this information and to correlate the end-user information to individual SQL statements. By enabling the integration, Guardium can correlate end users with the related database activity, even in situations where user sessions are not managed at the database level.

These deployment guides are very well written. Check them out if either or both of the capabilities above interest you.

Kathy Zeidenstein